Apparatus and method for transitioning enhanced security context from a UTRAN-based serving network to a GERAN-based serving network

ABSTRACT

Disclosed is a method for transitioning an enhanced security context from a UTRAN-based serving network to a GERAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using an enhanced security context root key and a first information element. The remote station receives a first message from the UTRAN-based serving network. The first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with the GERAN-based serving network. The remote station generates, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys. The remote station protects wireless communications, on the GERAN-based serving network, based on the third and fourth session keys.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No. 61/325,001, filed Apr. 16, 2010, which application is incorporated herein by reference.

This application is related to U.S. Provisional Application No. 61/324,646, filed Apr. 15, 2010, and to U.S. Provisional Application No. 61/324,991, filed Apr. 16, 2010.

BACKGROUND

1. Field

The present invention relates generally to an enhanced security context for user equipment operating in a Universal Mobile Telecommunications Service (UMTS) and/or GSM Edge Radio Access Network (GERAN).

2. Background

A successful AKA (Authentication and Key Agreement) authentication in a UMTS third generation (3G) radio access network or in a GERAN network using 3G AKA authentication results in a pair of shared keys, a cipher key (CK) and an integrity key (IK), for securing communications between a user equipment (UE) and the network. The shared keys may be used directly to secure the traffic between the UE and the network as in the case of UTRAN (UMTS Terrestrial Radio Access Network), or may be used to statically derive keys, e.g. K_(C) or K_(C128), in the case of GERAN (GSM Edge Radio Access Network).

A compromised key may result in serious security problems until the keys are changed at a next AKA authentication. Typically, the AKA authentication is not run often due to the significant overhead required. Also, if both keys (CK and IK) are compromised, then the GERAN keys are compromised.

In UMTS/HSPA (High Speed Packet Access) deployments, some or all of the functionalities of a radio network controller (RNC) and a Node B may be collapsed together into one node at the edge of the network. The RNC needs the keys for functionalities such as user plane ciphering and signaling plane ciphering and integrity protection. However, the RNC functionality may be deployed in an exposed location such as in a Home Node B in a UMTS Femtocell. Accordingly, RNC functionality deployed in possibly insecure locations providing access (including physical access) may allow the keys, CK and IK, to be compromised.

Session keys (modified versions of CK and IK) may be used to lower the security risks associated with exposed RNC functionality. Techniques for providing such session keys are disclosed in U.S. Patent Application Publication No. US 2007/0230707 A1.

Unfortunately, the use of such session keys requires upgrade modifications to the serving networks. However, network operators are likely to upgrade serving networks in a staged manner.

There is therefore a need for a technique for transitioning enhanced security context support from a UTRAN-based serving network to a GERAN-based serving network.

SUMMARY

An aspect of the present invention may reside in a method for transitioning a first security context from a first-type serving network to a second-type serving network. In the method, the remote station generates first and second session keys, in accordance with the first security context, using a first information element and using a root key associated with the first security context. The remote station receives a first message from the first-type serving network. The first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with the second-type serving network. The remote station generates, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys. The remote station protects wireless communications, on the second-type serving network, based on the third and fourth session keys.

In more detailed aspects of the invention, the first information element may comprise a count value. The first security context may be an enhanced security context having a security property that is not supported by a second security context. The first-type serving network may be a UTRAN-based serving network, and the second-type serving network may be a GERAN-based serving network. Alternatively, the first-type serving network may be a GERAN-based serving network, and the second-type serving network may be a UTRAN-based serving network. Also, the remote station may comprise a mobile user equipment.

Another aspect of the invention may reside in a remote station which may include means for generating first and second session keys, in accordance with a first security context, using a first information element and using a root key associated with the first security context; means for receiving a first message from a first-type serving network, wherein the first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with a second-type serving network; means for generating, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys; and means for protecting wireless communications, on the second-type serving network, based on the third and fourth session keys.

Another aspect of the invention may reside in a remote station which may include a processor configured to: generate first and second session keys, in accordance with a first security context, using a first information element and using a root key associated with the first security context; receive a first message from a first-type serving network, wherein the first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with a second-type serving network; generate, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys; and protect wireless communications, on the second-type serving network, based on the third and fourth session keys.

Another aspect of the invention may reside in a computer program product, comprising a computer-readable storage medium, comprising code for causing a computer to generate first and second session keys, in accordance with a first security context, using a first information element and using a root key associated with the first security context; code for causing a computer to receive a first message from a first-type serving network, wherein the first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with a second-type serving network; code for causing a computer to generate, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys; and code for causing a computer to protect wireless communications, on the second-type serving network, based on the third and fourth session keys.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an example of a wireless communication system.

FIG. 2 is a block diagram of an example of a wireless communication system in accordance with a UMTS/UTRAN architecture.

FIG. 3 is a block diagram of an example of a wireless communication system in accordance with a GERAN architecture.

FIG. 4 is a flow diagram of a method for transitioning enhanced security context support from a UTRAN-based serving network to a GERAN-based serving network.

FIG. 5 is a flow diagram of a method for establishing an enhanced security context between a remote station and a serving network based on an attach request message.

FIG. 6 is a flow diagram of a method for establishing at least one session key from an enhanced security context between a remote station and a serving network based on a service request message.

FIG. 7 is a flow diagram of a method for establishing at least one session key from an enhanced security context between a remote station and a serving network based on a routing area update request message.

FIG. 8 is a block diagram of a computer including a processor and a memory.

FIG. 9 is a flow diagram of a method for transitioning enhanced security context support from a UTRAN-based serving network to a GERAN-based serving network.

DETAILED DESCRIPTION

The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any embodiment described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments.

With reference to FIGS. 2 through 4, an aspect of the present invention may reside in a method 400 for transitioning an enhanced security context from a UTRAN-based serving network 230 to a GERAN-based serving network 230′. In the method, the remote station 210 generates first and second session keys, in accordance with the enhanced security context, using an enhanced security context root key and a first information element (step 410). The remote station receives a first message from the UTRAN-based serving network (step 420). The first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with the GERAN-based serving network. The remote station generates, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys (step 430). The remote station protects wireless communications, on the GERAN-based serving network, based on the third and fourth session keys (step 440).

The first information element may comprise a count. Also, the remote station may comprise a mobile user equipment (UE) such as a wireless device.

With further reference to FIG. 8, another aspect of the invention may reside in a remote station 210 which may include means (processor 810) for generating first and second session keys, in accordance with an enhanced security context, using an enhanced security context root key and a first information element; means for receiving a first message from a UTRAN-based serving network, wherein the first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with a GERAN-based serving network; means for generating, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys; and means for protecting wireless communications, on the GERAN-based serving network, based on the third and fourth session keys.

Another aspect of the invention may reside in a remote station 210 which may include a processor 810 configured to: generate first and second session keys, in accordance with an enhanced security context, using an enhanced security context root key and a first information element; receive a first message from a UTRAN-based serving network, wherein the first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with a GERAN-based serving network; generate, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys; and protect wireless communications, on the GERAN-based serving network, based on the third and fourth session keys.

Another aspect of the invention may reside in a computer program product, comprising a computer-readable storage medium 820, comprising code for causing a computer 800 to generate first and second session keys, in accordance with an enhanced security context, using an enhanced security context root key and a first information element; code for causing a computer to receive a first message from a UTRAN-based serving network, wherein the first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with a GERAN-based serving network; code for causing a computer to generate, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys; and code for causing a computer to protect wireless communications, on the GERAN-based serving network, based on the third and fourth session keys.

The serving core network 230 is connected to a serving RAN (Radio Access Network) 220 which provides wireless communications to the remote station 210. In a UMTS/UTRAN architecture, the serving RAN includes a Node B and an RNC (Radio Network Controller). In a GERAN architecture, the serving RAN includes a BTS (Base Transceiver Station) and a BSC (Base Station Controller). The serving core network includes an MSC/VLR (Mobile Switching Center/Visitor Location Register) for providing circuit-switched (CS) service, and an SGSN (Serving GPRS Support Node) for providing packet-switched (PS) services. The home network includes an HLR (Home Location Register) and an AuC (Authentication Center).

The UE 210 and the serving core network 230 may be enhanced with new security properties to create an enhanced UMTS security context (ESC) using a COUNT (counter value). A 256-bit root key (K_(ASMEU)) for the ESC may be derived from the CK and IK when AKA authentication is performed. The root key may be set equal to CK∥IK, or it may be derived using a more complex derivation resulting in additional useful security properties (e.g., CK and IK do not need to be kept). The COUNT may be a 16-bit counter value that is maintained between the UE and the serving core network. (Note: a legacy UTRAN security context consists of KSI (a 3-bit Key Set Identifier), CK (a 128-bit encryption key), and IK (a 128-bit integrity key).)

The GERAN PS service differs from the UMTS/UTRAN PS service in that the security used to protect traffic persists through idle mode. This means that if it is desired to have fresh UMTS keys for each active session, then an enhancement is needed.

The UTRAN to GERAN handover can be done in a way that is independent of the method used to determine the session keys. The UE and the SGSN share an enhanced security context that includes the following parameters: KSI (also called CKSN), which is a key set identifier and which is also currently used in UMTS/GERAN, and K_(ASMEU), which is a 256-bit root key for the security context. From the root key K_(ASMEU) and possibly from parameters exchanged between the UE and the SGSN, a set of session keys CK_(S) and IK_(S) can be calculated. At handover, the source SGSN passes the session keys CK_(S) and IK_(S) and the root key K_(ASMEU) to the target SGSN.

A target SGSN that supports the ESC calculates new session keys CK_(S) and IK_(S) from the root key K_(ASMEU) and the old session keys CK_(S) and IK_(S) and possibly some additional information. The target SGSN indicates to the UE that the new session keys were calculated and possibly includes the additional information used by the SGSN that is not already known to the UE, in a parameter sent as part of the handover signaling (e.g. NAS container set for PS HO), and the UE performs the same calculation to get the new session keys CK_(S) and IK_(S). Accordingly, when the UE returns to UMTS/UTRAN, the old session keys will not be used.

With reference to FIG. 5, in a method 500 related to UMTS attach procedures, the UE 210 may signal that it supports ESC in a UMTS attach request message (step 510). The support signal may be the presence of a new information element (IE) in the message. The IE may comprise the COUNT value. A serving network SN 230 that does not support ESC will ignore the new IE. Authentication data (RAND, XRES, CK, IK, AUTN) is obtained from the HLR/AuC 240 (step 515). The SN may indicate ESC support in the AKA challenge (Authentication Request) to the UE (step 520). The UE performs the authentication procedures (step 525) and returns a response RES to the SN (step 530). Upon successful authentication (step 530), the UE and SN derive the root key K_(ASMEU) and the session keys CK_(S) and IK_(S) (step 535). The SN forwards the session keys to the RAN 220 in an SMC (Security Mode Command) message (step 540). The RAN generates a message authentication code (MAC) using the session key IK_(S), which is forwarded to the UE in an SMC message (step 545). The UE checks the MAC (step 550) using the session key IK_(S) that the UE derived (step 535), and returns a complete indication to the RAN (step 555), which forwards it to the SN (step 560). The UE is then able to protect communications using the session keys (step 565).

With reference to FIG. 6, in a method 600 related to an Idle to Active Mode procedure, the UE 210 forwards a service request message which includes the COUNT value to the SN 230 (step 610). The UE and SN derive the new session keys CK_(S) and IK_(S) from the root key K_(ASMEU) (step 620). The SN forwards the session keys to the RAN 220 in an SMC message (step 630). The RAN generates a MAC, which is forwarded to the UE in an SMC message (step 640). The UE checks the MAC (step 650), and returns a complete indication to the RAN (step 660), which forwards it to the SN (step 670). The UE is then able to protect communications using the session keys (step 680).

With reference to FIG. 7, in a method 700 related to mobility management procedures (such as a Routing Area Update (RAU) or Location Area Update (LAU)), the UE 210 forwards a RAU (or LAU) request message which includes the COUNT value to the SN 230 (step 710). Optionally, the UE and SN may derive the new session keys CK_(S) and IK_(S) from the root key K_(ASMEU) (step 720). The SN may forward the session keys to the RAN 220 in an SMC message (step 730). The RAN may generate a MAC, which may be forwarded to the UE in an SMC message (step 740). The UE may check the MAC (step 750), and may return a complete indication to the RAN (step 760), which forwards it to the SN (step 770). The SN then sends a RAU accept message to the UE (step 780). The UE is then able to protect communications using the session keys.

New access stratum (AS) keys may be generated for each transition from Idle to Active State. Similarly, keys may be generated at other events. The COUNT value may be sent in idle mobility messages and in initial layer 3 messages, e.g., Attaches, RAUs, LAUs, for idle, mobility, or service request. The SN may check that the sent COUNT value has not been used before, and updates the stored COUNT value in the process. If the COUNT value is new (e.g., received COUNT value > stored COUNT value), the UE and the SN proceed to calculate the new keys CK_(S) and IK_(S), using a Key Derivation Function (KDF) such as HMAC-SHA256, from the root key K_(ASMEU) and the sent COUNT value. The KDF may include additional information, such as RAN node identity, for the new key calculation. If the check fails (the COUNT value is not new), the SN rejects the message. For GERAN usage, when K_(C) and K_(C128) are calculated from CK_(S) and IK_(S), it may be done in the same manner as when they are calculated from CK and IK.

The session keys (CK_(S) and IK_(S)) may have a lifetime such that the UE and the serving network keep and use the session keys until either it is no longer necessary to store the keys to send traffic securely between the UE and the network (the UE moves to Idle mode), or a new context is created at a subsequent event (e.g., AKA authentication or a mobility event).

With reference to FIG. 9, an aspect of the present invention may reside in a method 900 for transitioning an enhanced security context from a UTRAN-based serving network 230 (a first-type serving network) to a GERAN-based serving network 230′ (a second-type serving network). In the method, the remote station 210 generates first and second session keys CK_(SA) and IK_(SA), in accordance with the enhanced security context, using an enhanced security context root key (such as K_(ASMEU)) and a first information element IE1 (such as a COUNT value) (step 910). At handover, the UTRAN-based serving network 230 may pass the session keys CK_(SA) and IK_(SA) and the root key K_(ASMEU) to the GERAN-based serving network 230′ (step 920). The GERAN-based serving network's response, which includes a second information element IE2, tells the UTRAN-based serving network that it may hand the remote station over to the GERAN-based serving network (step 930). The remote station receives a first message from the UTRAN-based serving network (step 940). The first message includes the second information element IE2 signaling to the remote station to generate third and fourth session keys CK_(SB) and IK_(SB), for use with the GERAN-based serving network. The remote station generates, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys (step 950). For GERAN usage, when K_(C) and K_(C128) are calculated from CK_(SB) and IK_(SB), it may be done in the same manner as when they are calculated from CK and IK (step 960). The remote station protects wireless communications, on the GERAN-based serving network, based on the third and fourth session keys (step 970). In another aspect of the invention, the first-type serving network may be a GERAN-based serving network, and the second-type serving network may be a UTRAN-based serving network.
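The key hierarchy and the procedures of methods 500 to 900, as an added worked example in Python (not code from the patent): K_(ASMEU) = CK∥IK, CK_(S)/IK_(S) derived with HMAC-SHA256 from the root key and the COUNT, the serving network's COUNT freshness check, and the handover derivation of CK_(SB)/IK_(SB) from the root key, the old session keys and IE2. The KDF labels and byte layout, the IE2 value and the c3-style K_(C) conversion are this example's assumptions; the CK/IK values are constructed.

```python
import hmac
import hashlib

# Constructed test vectors (not from the patent), standing in for AKA output.
CK = bytes.fromhex("0123456789abcdef0123456789abcdef")
IK = bytes.fromhex("fedcba9876543210fedcba9876543210")


def kdf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256, the KDF the text names; the label/field layout fed to it
    is an assumption of this example, not the patent's."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def derive_root_key(ck: bytes, ik: bytes) -> bytes:
    """K_ASMEU via the text's simplest option: CK || IK (256 bits)."""
    if len(ck) != 16 or len(ik) != 16:
        raise ValueError("CK and IK must be 128-bit keys")
    return ck + ik


def derive_session_keys(k_asmeu: bytes, count: int, ran_id: bytes = b""):
    """CK_S, IK_S from K_ASMEU, the 16-bit COUNT and an optional RAN node
    identity (attach, service request and RAU procedures)."""
    if not 0 <= count < 1 << 16:
        raise ValueError("COUNT is a 16-bit counter")
    out = kdf(k_asmeu, b"ESC-session", count.to_bytes(2, "big"), ran_id)
    return out[:16], out[16:]


def derive_handover_keys(k_asmeu: bytes, ck_sa: bytes, ik_sa: bytes, ie2: bytes):
    """CK_SB, IK_SB for the target GERAN SGSN: bound to the root key, the old
    session keys CK_SA/IK_SA and the IE2 carried in handover signalling."""
    out = kdf(k_asmeu, b"ESC-handover", ck_sa, ik_sa, ie2)
    return out[:16], out[16:]


def derive_kc(ck: bytes, ik: bytes) -> bytes:
    """64-bit Kc. Assumed here to follow the c3 conversion (XOR of the four
    64-bit halves); the text only says 'the same manner as from CK and IK'."""
    kc = bytes(8)
    for half in (ck[:8], ck[8:], ik[:8], ik[8:]):
        kc = bytes(a ^ b for a, b in zip(kc, half))
    return kc


class ServingNetwork:
    """SGSN-side ESC state: root key, node identity, last accepted COUNT."""

    def __init__(self, k_asmeu: bytes, node_id: bytes):
        self.k_asmeu = k_asmeu
        self.node_id = node_id
        self.stored_count = -1          # nothing accepted yet
        self.session_keys = None

    def handle_count(self, count: int):
        """Freshness check: accept only received COUNT > stored COUNT, update
        the stored value and derive keys; a reused COUNT is rejected (None)."""
        if count <= self.stored_count:
            return None
        self.stored_count = count
        self.session_keys = derive_session_keys(self.k_asmeu, count, self.node_id)
        return self.session_keys

    def handover_to_geran(self, target: "ServingNetwork", ie2: bytes) -> bytes:
        """Source passes CK_SA, IK_SA and K_ASMEU to the target (step 920); the
        target derives CK_SB/IK_SB and IE2 goes back to the UE (steps 930-940)."""
        ck_sa, ik_sa = self.session_keys
        target.k_asmeu = self.k_asmeu
        target.session_keys = derive_handover_keys(self.k_asmeu, ck_sa, ik_sa, ie2)
        return ie2


def run_scenario() -> dict:
    """Attach, a service request, a replayed COUNT, then UTRAN->GERAN handover."""
    k_asmeu = derive_root_key(CK, IK)
    utran = ServingNetwork(k_asmeu, b"RNC-1")
    geran = ServingNetwork(b"", b"BSC-7")
    ue_count = 0
    attach_keys = utran.handle_count(ue_count)                   # attach (FIG. 5)
    ue_count += 1                                                # UE steps COUNT
    ue_keys = derive_session_keys(k_asmeu, ue_count, b"RNC-1")   # UE side
    sn_keys = utran.handle_count(ue_count)                       # service request
    replay = utran.handle_count(ue_count)                        # same COUNT again
    ie2 = b"\x5a" * 4                                            # constructed IE2
    utran.handover_to_geran(geran, ie2)
    ck_sb, ik_sb = derive_handover_keys(k_asmeu, *ue_keys, ie2)  # UE, step 950
    return {
        "attach_ok": attach_keys is not None,
        "session_match": ue_keys == sn_keys,
        "replay_rejected": replay is None,
        "handover_match": (ck_sb, ik_sb) == geran.session_keys,
        "keys_rotated": (ck_sb, ik_sb) != ue_keys,
        "kc": derive_kc(ck_sb, ik_sb),                            # step 960
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value.hex() if isinstance(value, bytes) else value}")
```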

With reference again to FIG. 8, the remote station 210 may comprise a computer 800 that includes a storage medium 820 such as memory, a display 830, and an input device 840 such as a keyboard. The apparatus may include a wireless connection 850.

With reference to FIG. 1, a wireless remote station (RS) 102 (or UE) may communicate with one or more base stations (BS) 104 of a wireless communication system 100. The wireless communication system 100 may further include one or more base station controllers (BSC) 106, and a core network 108. The core network may be connected to an Internet 110 and a Public Switched Telephone Network (PSTN) 112 via suitable backhauls. A typical wireless mobile station may include a handheld phone, or a laptop computer. The wireless communication system 100 may employ any one of a number of multiple access techniques such as code division multiple access (CDMA), time division multiple access (TDMA), frequency division multiple access (FDMA), space division multiple access (SDMA), polarization division multiple access (PDMA), or other modulation techniques known in the art.

A wireless device 102 may include various components that perform functions based on signals that are transmitted by or received at the wireless device. For example, a wireless headset may include a transducer adapted to provide an audio output based on a signal received via the receiver. A wireless watch may include a user interface adapted to provide an indication based on a signal received via the receiver. A wireless sensing device may include a sensor adapted to provide data to be transmitted to another device.

A wireless device may communicate via one or more wireless communication links that are based on or otherwise support any suitable wireless communication technology. For example, in some aspects a wireless device may associate with a network. In some aspects the network may comprise a body area network or a personal area network (e.g., an ultra-wideband network). In some aspects the network may comprise a local area network or a wide area network. A wireless device may support or otherwise use one or more of a variety of wireless communication technologies, protocols, or standards such as, for example, CDMA, TDMA, OFDM, OFDMA, WiMAX, and Wi-Fi. Similarly, a wireless device may support or otherwise use one or more of a variety of corresponding modulation or multiplexing schemes. A wireless device may thus include appropriate components (e.g., air interfaces) to establish and communicate via one or more wireless communication links using the above or other wireless communication technologies. For example, a device may comprise a wireless transceiver with associated transmitter and receiver components (e.g., a transmitter and a receiver) that may include various components (e.g., signal generators and signal processors) that facilitate communication over a wireless medium.

The teachings herein may be incorporated into (e.g., implemented within or performed by) a variety of apparatuses (e.g., devices). For example, one or more aspects taught herein may be incorporated into a phone (e.g., a cellular phone), a personal data assistant (“PDA”), an entertainment device (e.g., a music or video device), a headset (e.g., headphones, an earpiece, etc.), a microphone, a medical device (e.g., a biometric sensor, a heart rate monitor, a pedometer, an EKG device, etc.), a user I/O device (e.g., a watch, a remote control, a light switch, a keyboard, a mouse, etc.), a tire pressure monitor, a computer, a point-of-sale device, an entertainment device, a hearing aid, a set-top box, or any other suitable device.

These devices may have different power and data requirements. In some aspects, the teachings herein may be adapted for use in low power applications (e.g., through the use of an impulse-based signaling scheme and low duty cycle modes) and may support a variety of data rates including relatively high data rates (e.g., through the use of high-bandwidth pulses).

In some aspects a wireless device may comprise an access device (e.g., a Wi-Fi access point) for a communication system. Such an access device may provide, for example, connectivity to another network (e.g., a wide area network such as the Internet or a cellular network) via a wired or wireless communication link. Accordingly, the access device may enable another device (e.g., a Wi-Fi station) to access the other network or some other functionality. In addition, it should be appreciated that one or both of the devices may be portable or, in some cases, relatively non-portable.

Those of skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.

Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.

The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.

In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software as a computer program product, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

1. A method for transitioning a first security context from a first-type serving network to a second-type serving network, comprising: the remote station generating first and second session keys, in accordance with the first security context, using a first information element and using a root key associated with the first security context; the remote station receiving a first message from the first-type serving network, wherein the first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with the second-type serving network; the remote station generating, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys; and the remote station protecting wireless communications, on the second-type serving network, based on the third and fourth session keys.

2. A method for transitioning as defined in claim 1, wherein the first information element comprises a count value.

3. A method for transitioning as defined in claim 1, wherein the first security context is an enhanced security context having a security property that is not supported by a second security context.

4. A method for transitioning as defined in claim 1, wherein the first-type serving network is a UTRAN-based serving network, and the second-type serving network is a GERAN-based serving network.

5. A method for transitioning as defined in claim 1, wherein the first-type serving network is a GERAN-based serving network, and the second-type serving network is a UTRAN-based serving network.

6. A method for transitioning as defined in claim 1, wherein the remote station comprises a mobile user equipment.

7. A remote station, comprising: means for generating first and second session keys, in accordance with a first security context, using a first information element and using a root key associated with the first security context; means for receiving a first message from a first-type serving network, wherein the first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with a second-type serving network; means for generating, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys; and means for protecting wireless communications, on the second-type serving network, based on the third and fourth session keys.

8. A remote station as defined in claim 7, wherein the first information element comprises a count value.

9. A remote station as defined in claim 7, wherein the first security context is an enhanced security context having a security property that is not supported by a second security context.

10. A remote station as defined in claim 7, wherein the first-type serving network is a UTRAN-based serving network, and the second-type serving network is a GERAN-based serving network.

11. A remote station as defined in claim 7, wherein the first-type serving network is a GERAN-based serving network, and the second-type serving network is a UTRAN-based serving network.

12. A remote station as defined in claim 7, wherein the remote station comprises a mobile user equipment.

13. A remote station, comprising: a processor configured to: generate first and second session keys, in accordance with a first security context, using a first information element and using a root key associated with the first security context; receive a first message from a first-type serving network, wherein the first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with a second-type serving network; generate, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys; and protect wireless communications, on the second-type serving network, based on the third and fourth session keys.

14. A remote station as defined in claim 13, wherein the first information element comprises a count value.

15. A remote station as defined in claim 13, wherein the first security context is an enhanced security context having a security property that is not supported by a second security context.

16. A remote station as defined in claim 13, wherein the first-type serving network is a UTRAN-based serving network, and the second-type serving network is a GERAN-based serving network.

17. A remote station as defined in claim 13, wherein the first-type serving network is a GERAN-based serving network, and the second-type serving network is a UTRAN-based serving network.

18. A remote station as defined in claim 13, wherein the remote station comprises a mobile user equipment.

19. A computer program product, comprising: computer-readable storage medium, comprising: code for causing a computer to generate first and second session keys, in accordance with a first security context, using a first information element and using a root key associated with the first security context; code for causing a computer to receive a first message from a first-type serving network, wherein the first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with a second-type serving network; code for causing a computer to generate, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys; and code for causing a computer to protect wireless communications, on the second-type serving network, based on the third and fourth session keys.

20. A computer program product as defined in claim 19, wherein the first information element comprises a count value.

21. A computer program product as defined in claim 19, wherein the first security context is an enhanced security context having a security property that is not supported by a second security context.

22. A computer program product as defined in claim 19, wherein the first-type serving network is a UTRAN-based serving network, and the second-type serving network is a GERAN-based serving network.

23. A computer program product as defined in claim 19, wherein the first-type serving network is a GERAN-based serving network, and the second-type serving network is a UTRAN-based serving network.
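The two-stage key hierarchy recited in claims 1 through 4 (root key and count value to first and second session keys; second information element from the transition message plus those keys to the third and fourth keys used on GERAN), as an added Python illustration that is not the patent's own code. It assumes an HMAC-SHA-256 KDF in the style of 3GPP TS 33.220, placeholder FC values, a 32-bit count, and the key lengths shown; the claims name no KDF or lengths.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Assumptions (not from the patent): HMAC-SHA-256 KDF with 3GPP-style
# S = FC || P0 || L0 || P1 || L1 ..., placeholder FC values 0x10/0x11,
# 128-bit first/second keys, 64-bit third key and 128-bit fourth key.

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Derive 32 bytes: HMAC-SHA-256(key, FC || P_i || len(P_i) ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_session_keys(root_key: bytes, count: int) -> Tuple[bytes, bytes]:
    """Claim 1, first step: first and second session keys from the root key
    of the enhanced security context and the first IE (claim 2: a count)."""
    out = kdf(root_key, 0x10, count.to_bytes(4, "big"))
    return out[:16], out[16:]  # (first, second) session keys

def derive_geran_keys(first: bytes, second: bytes,
                      second_ie: bytes) -> Tuple[bytes, bytes]:
    """Claim 1, third step: third and fourth session keys from the second IE
    carried in the transition message and the first/second session keys."""
    out = kdf(first + second, 0x11, second_ie)
    return out[:8], out[16:]  # (third, fourth): 64-bit and 128-bit keys

def handle_transition_message(root_key: bytes, count: int,
                              message: dict) -> Tuple[bytes, bytes]:
    """Remote station side: only a transition message with a second IE
    triggers derivation of the GERAN keys (constructed message format)."""
    if message.get("type") != "UTRAN_TO_GERAN" or "second_ie" not in message:
        raise ValueError("not a transition message carrying a second IE")
    first, second = derive_session_keys(root_key, count)
    return derive_geran_keys(first, second, message["second_ie"])

def demo() -> bool:
    """Network and remote station agree on the GERAN keys, and a stale
    count (old context state) does not reproduce them."""
    root_key = bytes(range(32))  # constructed root key
    count = 7
    msg = {"type": "UTRAN_TO_GERAN", "second_ie": secrets.token_bytes(16)}
    net_keys = derive_geran_keys(*derive_session_keys(root_key, count),
                                 msg["second_ie"])
    ue_keys = handle_transition_message(root_key, count, msg)
    stale_keys = handle_transition_message(root_key, count + 1, msg)
    return net_keys == ue_keys and stale_keys != ue_keys

if __name__ == "__main__":
    print("keys agree and stale state rejected:", demo())
```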